"A malicious web page can extract out all the data stored within the
autocomplete history of a user's Firefox browser. The web page must
convince a user to hold down the left or right-arrow keys then the
contents of the autocomplete popup can be read. This may includes the
search history box within the browser, or other personal details."
"Mozilla fixed this issue in the 3.5.4 and 220.127.116.11 releases of Firefox."
It is recommended that users update to these versions of Firefox for
this and other bugfixes. Other methods to mitigate this issue are to
turn off autocompletion and to use caution when browsing.